c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7

Analysis

max time kernel
90s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe
Size

1.0MB
MD5

44acc6fdf90e99c6e41cad63d090833a
SHA1

216b76a268a8523f082a242b1f416eb636d208c4
SHA256

c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7
SHA512

b4ffd68857dd634fa9f02fe1642dbe738a70f13b19b79b4e2c31c2ac35f19a44ef5d08e1a92e7399e31ea76ea8afeb2d68a95d04a4e1d8e1b591e824a39f58cf
SSDEEP

24576:p6lbpW/x+rEPW75iM/rW9MKzptRHOjMqlAjuSyoEWjH5Ws:pD/x+rNliMjWxzlHOACA3hb5Ws

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1280	Youbak_MSN_PARTNER2036.exe
5084	Youbak_MSN_PARTNER2036.tmp

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 3188	2236	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	82
PID 2236 wrote to memory of 3188	2236	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	82
PID 2236 wrote to memory of 3188	2236	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	82
PID 3188 wrote to memory of 1280	3188	cmd.exe	84
PID 3188 wrote to memory of 1280	3188	cmd.exe	84
PID 3188 wrote to memory of 1280	3188	cmd.exe	84
PID 1280 wrote to memory of 5084	1280	Youbak_MSN_PARTNER2036.exe	85
PID 1280 wrote to memory of 5084	1280	Youbak_MSN_PARTNER2036.exe	85
PID 1280 wrote to memory of 5084	1280	Youbak_MSN_PARTNER2036.exe	85

C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe
"C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~BF6D.bat "C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe
    "C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\is-ICM0K.tmp\Youbak_MSN_PARTNER2036.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ICM0K.tmp\Youbak_MSN_PARTNER2036.tmp" /SL5="$90068,737659,54272,C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART
      4⤵
      Executes dropped EXE
      PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-ICM0K.tmp\Youbak_MSN_PARTNER2036.tmp

Filesize
694KB

MD5
29bb632f057f068130e8a7877781a05d

SHA1
10060581eb95e61d6ac8176f692a2ae251149b32

SHA256
13065ec81bfdf70d1074f8fb90f6eaecae531b76e71ba1542f3cefc41a9e29c1

SHA512
0b66548ea8690d755566054f42a3886ac983f8402afd8ff27923f092a71c8404e16add8393d314ea056698f51ab0f3260c882c1447b35f73b1830458e70fd405

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ICM0K.tmp\Youbak_MSN_PARTNER2036.tmp

Filesize
694KB

MD5
29bb632f057f068130e8a7877781a05d

SHA1
10060581eb95e61d6ac8176f692a2ae251149b32

SHA256
13065ec81bfdf70d1074f8fb90f6eaecae531b76e71ba1542f3cefc41a9e29c1

SHA512
0b66548ea8690d755566054f42a3886ac983f8402afd8ff27923f092a71c8404e16add8393d314ea056698f51ab0f3260c882c1447b35f73b1830458e70fd405

Download Submit
C:\Users\Admin\AppData\Local\Temp\~BF6D.bat

Filesize
78B

MD5
e179b6abdfffabcbaac2bcfa5f0ac4ff

SHA1
a2f6350ca96633ac247ae590e9d7177fd0e51755

SHA256
2d7ef0eb1abe131d817f79a38a0ed6ba96904df002f6864ff81deb595f9dfc48

SHA512
4b299029d984a133433b5494d44e80ad38dc56d2380ecdcad531e32f19237beab1b97f279c6b1f963806f08da1f8523db50e039addc2ffda5738ac68736ccf85

Download Submit
C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe

Filesize
989KB

MD5
d88681c275fd71f42ccaee06e5901fc9

SHA1
3f051192a4ea9722d139cea2e7d7aef860880253

SHA256
980e63c8f1c312d3dda44b1fc79cc937357a36c585fcda7c51a433e36f1600a5

SHA512
f096de74e29554d8960803f272d5c8cd37304d5fcc55d54287d0bd24901c6bf6cf9ca0b33f4d3ee96cdce5fab50248abe9332e5eb47066eb32ee5102737d2d86

Download Submit
C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe

Filesize
989KB

MD5
d88681c275fd71f42ccaee06e5901fc9

SHA1
3f051192a4ea9722d139cea2e7d7aef860880253

SHA256
980e63c8f1c312d3dda44b1fc79cc937357a36c585fcda7c51a433e36f1600a5

SHA512
f096de74e29554d8960803f272d5c8cd37304d5fcc55d54287d0bd24901c6bf6cf9ca0b33f4d3ee96cdce5fab50248abe9332e5eb47066eb32ee5102737d2d86

Download Submit
memory/1280-137-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1280-139-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1280-143-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads